
How to add EntraID MCP Server (Microsoft Graph) to Windsurf
Manage Microsoft Entra ID via Graph API — users, groups, apps, MFA, sign-in logs, conditional access and more. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 39★ · stdio · apikey
Windsurf config for EntraID MCP Server (Microsoft Graph)
fastmcp install '/path/to/src/msgraph_mcp_server/server.py' --with msgraph-sdk --with azure-identity --with azure-core --with msgraph-core -f /path/to/.env

{
  "mcpServers": {
    "entraid-mcp-server-microsoft-graph": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "azure-core",
        "--with",
        "azure-identity",
        "--with",
        "fastmcp",
        "--with",
        "msgraph-core",
        "--with",
        "msgraph-sdk",
        "fastmcp",
        "run",
        "/path/to/src/msgraph_mcp_server/server.py"
      ],
      "env": {
        "TENANT_ID": "<your-tenant-id>",
        "CLIENT_ID": "<your-client-id>",
        "CLIENT_SECRET": "<your-client-secret>"
      }
    }
  }
}

Setup steps
1. Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2. Paste the EntraID MCP Server (Microsoft Graph) config shown above.
3. Fill in the placeholder secrets, then save.
4. Click Refresh in the MCP panel.
5. EntraID MCP Server (Microsoft Graph)'s tools become available to Cascade.
Before you start
- An Azure AD (Microsoft Entra ID) tenant
- An Azure AD app registration with TENANT_ID, CLIENT_ID and CLIENT_SECRET (or certificate-based auth)
- Appropriate Microsoft Graph application permissions granted and admin-consented (e.g. User.Read.All, Group.Read.All / Group.ReadWrite.All, Directory.Read.All, Policy.Read.All, AuditLog.Read.All, Application.ReadWrite.All, etc.)
- Python with uv and FastMCP, plus msgraph-sdk, azure-identity, azure-core and msgraph-core dependencies
What EntraID MCP Server (Microsoft Graph) can do in Windsurf
search_users: Search users by name/email (optional limit).
get_user_by_id: Get user details by ID.
get_privileged_users: List all users in privileged directory roles.
get_user_roles: Get all directory roles assigned to a user.
get_user_groups: Get all groups (including transitive memberships) for a user.
get_all_groups: Get all groups, with paging (optional limit).
get_group_by_id: Get a specific group by its ID.
search_groups_by_name: Search for groups by display name.
Security
Authenticates with an Azure AD application using TENANT_ID, CLIENT_ID and CLIENT_SECRET. Never commit secrets — `.env` and secret files are gitignored. Grant only the least-privileged Microsoft Graph permissions your tasks require. Note the server can perform high-impact write operations (reset user passwords, create/update/delete groups, applications and service principals, manage members/owners), so scope its app registration carefully.
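Two of the checks above (placeholder secrets left in the config, and write-capable Graph permissions granted when only reads are needed) are easy to automate before the server is enabled. The following script is an added example written for this page, not code from the EntraID MCP Server project or from Windsurf. It assumes the server entry is named "entraid-mcp-server-microsoft-graph" exactly as in the config above, and it treats any Graph permission whose name contains "ReadWrite" as write-capable; the sample config embedded in it is constructed to mirror the unfilled config on this page.

```python
"""Pre-flight checks for the EntraID MCP Server entry in Windsurf's mcp_config.json.

Added example for this page (not the project's own code). It verifies that
  1. the server's env block no longer carries the "<your-...>" placeholders, and
  2. a list of Graph application permissions (pasted from the app registration)
     is flagged wherever it includes write-capable scopes.
"""
import json
import re
import sys

# Assumption: the entry name matches the config shown on this page.
SERVER_NAME = "entraid-mcp-server-microsoft-graph"
REQUIRED_ENV = ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")
# Placeholders on this page look like "<your-tenant-id>".
PLACEHOLDER = re.compile(r"^<[^>]*>$")

# Constructed sample mirroring the page's config with secrets still unfilled.
SAMPLE_CONFIG = {
    "mcpServers": {
        SERVER_NAME: {
            "command": "uv",
            "args": ["run", "--with", "fastmcp", "fastmcp", "run",
                     "/path/to/src/msgraph_mcp_server/server.py"],
            "env": {
                "TENANT_ID": "<your-tenant-id>",
                "CLIENT_ID": "<your-client-id>",
                "CLIENT_SECRET": "<your-client-secret>",
            },
        }
    }
}


def check_env(config: dict) -> list[str]:
    """Return one finding per missing or still-placeholder credential."""
    server = config.get("mcpServers", {}).get(SERVER_NAME)
    if server is None:
        return [f"server entry '{SERVER_NAME}' not found"]
    env = server.get("env", {})
    findings = []
    for key in REQUIRED_ENV:
        value = env.get(key)
        if not value:
            findings.append(f"{key} is not set")
        elif PLACEHOLDER.match(value):
            findings.append(f"{key} still contains the placeholder value {value}")
    return findings


def write_scopes(scopes: list[str]) -> list[str]:
    """Return the write-capable permissions in a Graph permission list.

    Assumption: a scope containing 'ReadWrite' can modify the directory
    (e.g. Group.ReadWrite.All, Application.ReadWrite.All,
    User-PasswordProfile.ReadWrite.All); everything else is treated as read-only.
    """
    return sorted(s for s in scopes if "ReadWrite" in s)


def load_config(path: str) -> dict:
    """Parse a Windsurf mcp_config.json file."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def main(argv: list[str]) -> int:
    # Usage: python check_entraid_mcp.py [mcp_config.json] [Graph.Permission ...]
    config = load_config(argv[1]) if len(argv) > 1 else SAMPLE_CONFIG
    problems = check_env(config)
    for line in problems:
        print("env:", line)
    writes = write_scopes(argv[2:])
    for scope in writes:
        print("permission grants writes:", scope)
    return 1 if (problems or writes) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the findings for the constructed sample; pass your real mcp_config.json path and the permission names from the app registration to check a live setup. A non-zero exit means either a placeholder is still in the config or a write-capable scope is granted, which is the moment to confirm that scope is actually needed for the tasks you plan to run.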
EntraID MCP Server (Microsoft Graph) + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the EntraID MCP Server (Microsoft Graph) config there under the "mcpServers" key and restart the client.
Is EntraID MCP Server (Microsoft Graph) safe to use with Windsurf?
Only if its app registration is scoped carefully; see the Security section above. It authenticates as an Azure AD application (TENANT_ID, CLIENT_ID, CLIENT_SECRET), so keep those secrets out of version control, grant only least-privileged Microsoft Graph permissions, and remember the server can perform high-impact writes such as password resets and group, application, service-principal and membership changes.
Is this an official Microsoft server?
No. It is a community project by GitHub user hieuttmmo that wraps the Microsoft Graph API; it is not published by Microsoft.
How does it authenticate?
With an Azure AD app registration using TENANT_ID, CLIENT_ID and CLIENT_SECRET provided via environment variables or a config/.env file. Certificate-based auth is also optionally supported.
Which Microsoft Graph permissions are required?
Grant only what you need. The README lists application permissions such as User.Read.All, Directory.Read.All, Group.Read.All/Group.ReadWrite.All, Policy.Read.All, AuditLog.Read.All, RoleManagement.Read.Directory, UserAuthenticationMethod.Read.All, User-PasswordProfile.ReadWrite.All, DeviceManagementManagedDevices.Read.All and Application.ReadWrite.All. Read-only group queries only need Group.Read.All and GroupMember.Read.All.